ICSA, the Governance Institute, has released guidance to improve board awareness of the implications of the EU General Data Protection Regulation (GDPR), due to come into force on 25 May 2018.
Prepared with the assistance of a working group comprising ICSA members and Baker & McKenzie LLP, the guidance highlights the strategic and practical considerations raised by GDPR by breaking the legislation down into data basics, dealing with individuals, and governance and risk management.
ICSA policy manager Liz Bradley, who is also the author of the guidance, said: “Organisations of all shapes and sizes need to be ready to meet the requirements of GDPR, whether operating within the EU, operating outside the EU but offering goods or services to individuals within the EU or operating outside the EU and ‘profiling’ individuals within the EU.”
She also stressed that organisations will have to embed data protection into the way they function if they are not to incur hefty penalties.
The ICSA guidance can be found here.